SIGS Technology Summit Speakers in 2015

The whole agenda you can find here – all presentations are held in English

Key Notes

(ISC)2, Peter Berlich, Authorized Instructor

Dr. Peter Berlich is an experienced and passionate trainer, manager and professional for Information Security.
Building on a foundation of professional, business and inter-cultural leadership skills, he has established, managed and supported security functions, management systems and programs in a large spectrum of organisational contexts, both from a client and service provider perspective. He has published numerous papers, articles and conference contributions on the subject of Information Risk, Security and Privacy as well as Security Careers and worked as a tutor for IT Security Management.

He is a community builder for security professionals, and has been serving as founding Chairman of the Swiss (ISC)² Chapter. He has served as Vice Chairman of the Board of certification organisation (ISC)² and as a Board member and chair of several other professional organisations.

The Great Cyber Race: Information and cyber security preparedness as seen from the front-lines of practice around the World
For over 10 years, the (ISC)² global Information Security Workforce Study has tracked trends in security management, spending and staffing to reveal corporate and society’s preparedness for the digital age. As the largest, and only work of its kind to provide a comprehensive view of opportunities and challenges as seen through the eyes of practicing professionals, the study is increasingly referenced by governments and organizations around the world.

In 2015 the study, available from April, presents a stark view of the combined impact of developing technology trends; and an increasingly sophisticated threat landscape, against a concern first raised in 2013 of a now acute skills crunch. A clear illustration of how digital development and society’s dependencies continue to outstrip the capacity to secure them, this year’s findings point to key management gaps within current practice, very real strains being felt by security teams and their organisations; and the influence all of this is having on security spending. Particular points of interest include:

Developments across management, job roles, and salaries

How organisational systems are changing and related security gaps

The tasks and issues that consume professionals’ time

Top threats and techniques that professionals are facing

Top spending choices for security solutions and training

And more

Presentation in the stream of Information Security Forum (ISF)

A best practice framework for managing information risk
Effective management of information risk has never been as critical as it is today, particularly if organisations are to stay resilient while in pursuit of strategic goals. The role of cyber and information risk management is a board issue and must be given the same level of attention afforded to operational risk management and other established risk management practices today.

The insatiable appetite for speed and agility, the growing importance of the full supply chain (upstream and downstream) and the mounting dependence on diverse technologies (such as cloud computing and Bring Your Own Device (BYOD)) demand a consistent security framework and a scalable Information Security Management System, conformant with established standards.

We are presenting the ISF’s comprehensive best practice framework developed out of 25 years of best practice from a wide range of enterprises, including ISO 27002 compatible security controls, Risk Management and Benchmarking tools with an ‘out of the box’ approach for addressing a wide range of challenges – whether they be strategic, compliance-driven or process approaches.

Cyverse, Shira Kaplan, CEO

Shira’s technological training dates back to her military service in the Israeli 8200 Elite Technology Unit of the Intelligence. In 8200, which became well-known for producing some of Israel’s top cybersecurity entrepreneurs, Shira was young sergeant overseeing two technology desks.

Shira’s professional career in Israel focused on economic research and investor relations. Upon relocating to Zurich in 2011, she served in various private banking functions at Bank Julius Baer & Co.

Upon completing her MBA thesis at the University of St. Gallen HSG in 2014, Shira launched Cyverse, a boutique consultancy based out of Zurich and Herzliya, with the vision of connecting Europe to Israel’s booming cybersecurity ecosystem.

Together with Cyverse’s Chairwoman, Ms. Anat Bar-Gera, a serial telecom entrepreneur, Cyverse has attracted to Switzerland some of Israel’s most advanced cybersecurity technologies, by tapping on Israel’s closed army and intelligence cybersecurity entrepreneurial circles.

Shira holds a B.A. from Harvard University and an MBA from the University of St. Gallen.

Israel: From Start-Up Nation to Cyber-Security Nation

In the last 4 years, Israel has seen the emergence of over 300 startups in the field of cybersecurity alone. This country of 8 million people has attracted in 2013 over 10% of the global funding in cybersecurity. In 2014, exit activity (acquisitions and IPOs) of Israeli cybersecurity startups exceeded CHF 1 billion.

How has the Israeli “startup nation” become a leading cybersecurity nation? Where do Israel’s top cybersecurity entrepreneurs come from? How does Michael Porter’s “Cluster” theory fit into this story? What are the opportunities for Swiss companies in the Israeli cybersecurity ecosystem? Shira’s lecture will touch upon all these points.

ISF, Prof. Dr. Dirk Loomans

The physicist has a broad management experience, i.a. as Head of Information Security at Infineon Technologies AG. In this position, he was responsible for the entire information security management of the international semiconductor manufacturer. As CEO of Loomans & Matz AG he and his team of consultants can look back on many years of experience working for big companies in the banking, telecommunication and media sector, pharmaceutical and chemical industries, for small and medium-sized businesses as well as for German federal authorities. Since 2005 Loomans & Matz AG has been consulting its clients on matters of information security, business continuity and data privacy.

On an international level, Prof. Dr. Loomans is engaged as the ISF agent DACH of the Information Security Forum (ISF), one of the most renowned and largest associations in the area of information security. On a national level, he is professor for business informatics at the University for Applied Sciences in Mainz, Germany and provides his expertise to business associations and members of parliament of the Deutsche Bundestag. In addition to his role as a seminar speaker on information security topics, Prof. Dr. Loomans is active in the “Alliance for Cyber Security” of the BSI (German Federal Office for Information Security). Since 2014 he serves as an authorized expert for the European Commission in order to evaluate project proposals for future IT security technologies.

„Threat Horizon 2017“
The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of trusted organizations. Although cyberspace offers opportunities for leading organizations, this environment is uncertain and potentially dangerous. It is a place where hacktivists and cybercriminals are honing their skills and governments are introducing new regulation and legislation in response to major incidents and public concerns. Organizations are forced to continually adapt and rapidly respond. Those that are informed and prepared for change will go a long way to securing their future.

Threat Horizon 2017 looks ahead two years, identifying and analyzing new or emerging threats that may impact the confidentiality, integrity and availability of information. The report contains recommendations for ISF Members and references to ISF deliverables and resources that can help to address these threats.

This year’s report identifies nine compelling threats that are set out under three thought-provoking themes. These themes engage with particularly difficult cybersecurity challenges in a way that is relevant to senior business managers, information security professionals and other key organizational stakeholders. They are:

Disruption divides and conquers – innovation is bringing new opportunities for business, but also malicious actors that seek to disrupt operations

Complexity conceals fragility – a cyberspace congested with people and devices is becoming more complex, exposing the fragility of the underlying infrastructure

Swisscom AG, Adrian Humbel, Head of Security Solutions
As head of Swisscom Security Solutions, Adrian is responsible for a complete set of managed security services which protect and alert enterprise customers from potential security breaches. In addition, Adrian is focusing with Swisscom Certificate-, Authentication and Signing services on innovative security solutions, which enable radical new ways of digital communication in B-B-C business models.

From 2007 to 2012, Adrian was CEO of SwissSign AG, a company fully owned by Swiss Post. In this role, Adrian was responsible for development, production, marketing, operations, and support of certificate-based identity and IT security solutions, including the SuisseID.
Prior to leading SwissSign AG, he was VP & CTO EMEA for identity and security solutions at Novell Europe for 5 years. Before, he was CEO of Novell Switzerland for five years.

Adrian studied management and IT at the University of St.Gallen and holds an MBA in economics an information technology from this
institution.

Swisscom AG, Roger Halbheer, Head of Group SecurityRoger Halbheer is Head of Group Security at Swisscom. He is responsible for the security strategy of the overall Swisscom Group in close collaboration with the group’s companies. Roger is a trusted advisor to C-level executives in the commercial and private sectors and regularly represents Swisscom at industry events. Until 2013 Roger was Microsoft’s Worldwide Chief Security Advisor.
A Swiss national, Roger holds a Master of Computer Science degree from the Federal Institute of Technology in Zurich and is a Certified Information System Security Professional (CISSP).

Security for Tomorrow – new Approaches for a new WorldThe threat landscape changed significantly over the last years but what happened to our security concepts? Were we brave enough to keep up with the threat landscape? New ideas and new approaches are needed, where the employee, the human is at the center – not security or technology. Swisscom works in different areas on new concepts and new ideas and is working closely with start-ups approaching security differently.

We will show you some concepts we see relevant for the future and how we approach them.

Presentations

AlgoSec, Edy Almer, VP Product Management
Edy Almer is responsible for developing and executing the company’s product strategy. Previously Mr. Almer served as VP of Marketing and Product Management at Wave Systems, an enterprise security software provider, following its acquisition of Safend where he served in the same role.

Prior to Safend, Mr. Almer managed the encryption and endpoint DLP products within the Endpoint Security Group at Symantec. Previously he managed the memory cards product line at M-Systems prior to that company’s acquisition by Sandisk in 2006.Mr. Almer’s operational experience includes the launch of 3G services projects at Orange, Israel’s fastest growing cellular operator, resulting in 100,000 new 3G customers within a year of its launch. As the CTO of Partner Future Comm, Mr. Almer developed the product and company strategy for potential venture capital recipient companies. Mr. Almer has a B. Sc. in Electrical Engineering and an MBA.

Hybrid is Here, Security is Not
Enterprise-sanctioned cloud deployments are fast becoming a reality as companies look to expand their data centers into the cloud in order to increase business agility and reduce costs. Even the most regulated industries are beginning to consider the financial advantages of the cloud. But concerns about security and compliance are slowing them down.

In this presentation Mr. Almer will highlight some of the security challenges organizations face when migrating business applications to the public cloud, and provide some best practices to mitigate them. He will also call out the pros and cons of various security models and infrastructure options to help companies understand their risks and design and deploy an environment that best meets their needs today and in the future.

BalaBit, Laszlo Szabo, Head of Solution StrategyMr. Laszlo Szabo is working for BalaBit as the Head of Solution Strategy. He has 10+ years of experience in managing various IT Security focused projects including security consultancy, auditing, ethical hacking, log-management and forensics.

Dealing with BalaBit technologies since 2009 his goal is lead Solution Services as close to the Security market as possible eliminating the most painful problems of Enterprise customers with efficient solutions based on BalaBit’s best-of-breed portfolio.

Contextual Security IntelligenceIT security departments face a difficult challenge nowadays: the contradictory expectations of business flexibility and information security. But these do not necessarily need to contradict each other. The problem stems ‘only’ from current security practices based on control tools which are adequate against automatic attacks but cannot stop an intelligent, motivated attacker. In other words, the result of higher levels of control is more restrictions on users while letting criminals get on with their work. We can find better answers in real-life security disciplines.

According to experts in these fields, security is nothing more than the knowledge of a situation and the power to intervene. So, IT security should rely more on monitoring to be able to be business-friendly and at the same time provide real security. But more information is needed to add context, this allows intelligent security decision in future.

Bank Julius Bär & Co. Ltd. Michael Meli, Chief Information Security Officer
Michael Meli is a seasoned security expert with a solid and proven track record. As a matter of fact he has over 17 years of experience in the information security, safety and IT audit area in several large companies, including banks.He has significant experience in restructuring and building efficient and effective security organizations. Michael holds a master degree of the University of St. Gallen (HSG) in Information and Technology Management.

New CISO – surviving the first 100 days
Michael will share the experience he made during his first 100 days at Julius Bär where he started to work on January 1st, 2015. Specifically you will learn about how he survived and shaped the first 100 days, which was the storyline he developed in order to onboard senior management, what questions he asked and the waves he rode.

Bern University of Applied Sciences, Dr. Endre Bangerter, Professor of Computer Science
Endre Bangerter is professor of computer science at the Bern University of Applied Sciences, and a lecturer at the Forensic Science Institute of the University of Lausanne.In earlier jobs, Endre has worked as a software developer, technical consultant, and researcher at IBM Global Services, IBM Research, and Accenture. He has a PhD in computer science from in the field of cryptography from the Horst Görtz Institute For II-security at the University of Bochum in Germany.

Endre heads the Security Engineering Lab (SEL, http://sel.bfh.ch) at the Bern University of Applied Sciences. The SEL is a group of researchers and practitioners. Its current research activities are in the field of intrusion forensics (e.g., memory forensics, malware analysis, custom security assessments).

Memory Tracing – Forensic Reverse Engineering
Memory forensics is considered to be a key technique for detecting and analyzing malware and hacking attacks. In this talk we present a novel technique in the field of memory forensics, which allows to automate certain aspects of malware analysis and reverse engineering. Given the sheer number of attacks, their sophistication and the lack of sufficiently many skilled analysis, (partial) automation of malware analsyis is crucial for dealing with attacks.

The core idea underlying our technique is to record memory dumps with a high temporal frequency (e.g., up to 100 memory dumps / second), resulting in a series of memory dumps (which we call a "memory trace") that record system behavior. We will show how memory traces give rise to novel malware analysis and reversing techniques, and illustrate them with practical examples. We will also discuss our memory trace acquisition engine.

The technology presented originates from research conducted at the Security Engineering Lab of the Bern University of Applies Sciences. With support from partners from industry, we are currently evaluating its applicability in industry.

Cisco, Kah-Kin Ho, Program Solution Manager CTD
Kah-Kin Ho has been with Cisco for more than 18 years. Currently he is part of the Global Corporate Technology Group (CTD) which develop among other things the Cisco Technology Radar .Previously as head of cyber security business development, he has been provided thought leadership to private and public sector organizations on how to respond to cyberrisks and threats. Prior to this, he was a solution architect in the Global Government Solutions Group, involved in large defense programs in Asia Pacific and Europe. In addition Ho has spent four years working with defense system Integrators to jointly develop solutions for the tactical battlefield. Kah-Kin has also filed two U.S. patents on IP networking protocols. Ho graduated from the State University of New York at Buffalo with bachelor’s and master’s degrees in electrical engineering. He also has a master’s degree in security policy and crisis management from ETH Zürich.

The Technology Radar – Envisioning the Future of IT Sets the Stage for Disruptive Change

IT has taken on a pervasive role in the world economy, fostering innovation at an incredible pace. Because of this, it is hugely important to predict where the IT industry is heading in the near and long term.
Get insights from Kah-Kin on how the Technology Radar foresees emerging technology transitions, builds visions around them, and shapes the internal and external innovation strategy.

Compass Security Schweiz AG, Ivano Somaini, Regional Manager Bern & Security Analyst
Ivano Somaini was already interested in IT Security during his youth and studied the topic further during his IT studies at ETH Zurich with focus on information security. During his studies he deepened his knowledge in topics such as cryptography protocols, network security and e-privacy. His master thesis deals with the theoretical aspects of security. Ivano modelled and verified the cryptographic protocol Kerberos.

Beside his studies, he worked as developer for AdNovum Informatik AG and afterwards as IT-Supporter for ETH Zurich. Since March 2011 Ivano Somaini is employed as Security Analyst at Compass Security. In 2013 he formed Compass Security’s branch office in Bern and has been leading it ever since.

"Social Engineering: The devil is in the details"
Information security threats to organisations have changed completely over the last decade, due to the complexity and dynamic nature of infrastructures and attacks. Successful attacks cost society billions a year, impacting vital services and the economy. New attacks cleverly exploit multiple organisational vulnerabilities, involving physical security and human behaviour. Defenders need to make rapid decisions regarding which attacks to block, as both infrastructure and attacker knowledge change rapidly.

The speaker, Ivano Somaini from Compass Security, was a member of the amateur acting group at the Cantonal School of Graubünden at Chur. With his Master in Information Security at ETH Zurich, he found the perfect way to combine those interests: Social Engineering.

This presentation will learn you more about the methodologies of a professional Social Engineer as well as the newest attack vectors available. Ivano Somaini will present you several attack scenarios he successfully executed in real companies during his four years of Social Engineering experience. All those scenarios exceeding known approaches such as e-mail phishing by far. He will explain how even the smallest and seemingly least relevant information revealed is enough to break into financial institutions and steal industrial Know-How.

The presentation will furthermore consist of some precise information on how companies can best protect themselves from these attacks based on the experiences and the knowledge of Ivano Somaini.

Corero Network Security, Julian Palmer, Vice President of Engineering
Julian Palmer is responsible for Corero’s worldwide product development and research team. Palmer brings over 25 years of engineering leadership and product development across the network security, storage, and operating systems industries. Palmer has a proven track record of developing product and engineering strategy, and successfully leading multi-site R&D organizations to success.

Prior to joining Corero, Palmer was a Distinguished Technologist and Senior Product Manager within HP Enterprise Security Products and HP Networking divisions. Within HP TippingPoint, Palmer was instrumental in developing both product and engineering strategy, and led various significant new product introduction projects in the next generation firewall, intrusion prevention and networking spaces. Palmer has also held senior roles within 3Com Corporation, Adaptec, and Digital Equipment. Palmer has a Bachelor of Science degree in Computer Science from Edinburgh University, United Kingdom.

The Growing DDoS Threat to your BusinessThis session reviews real world examples of DDoS attacks increasing in frequency and sophistication and the use of DDoS as a distraction for more nefarious data exfiltration purposes, based on findings from the Corero DDoS Trends and Analysis Report.
Join Corero Vice President of Engineering, Julian Palmer to discuss:

The DDoS threats of today and future predictions

How to gain greater visibility and control into traffic entering and leaving your organization

Best practices for implementing DDoS protection into your business continuity planning

ETH Zurich, David Gugelmann, Doctoral Student
David Gugelmann is a doctoral student at ETH Zurich. His main research interests are in network forensics and privacy protection. Gugelmann received an MSc in Electrical Engineering and Information Technology from ETH Zurich.

Finding malicious activity in HTTP(S) traffic with HvizFor most companies, HTTP/HTTPS traffic is probably the most important type of traffic when looking at traffic exchanged with services in the Internet. This includes both benign traffic and traffic caused by malware or malicious insiders. HTTP and HTTPS traffic recorded at the perimeter of an organization is therefore an exhaustive data source for the forensic investigation of security incidents.

However, due to the nested nature of today’s Web page structures – a web page access triggers tens or even hundreds of HTTP requests – it is a huge manual effort to tell apart benign traffic from malicious traffic.

In this talk, we present Hviz, an interactive visualization approach to represent the event timeline of HTTP and HTTPS activities of an endpoint. Hviz facilitates incident investigation by structuring, aggregating, and correlating HTTP events between endpoints in order to reduce the number of events that are exposed to an investigator while preserving the big picture.

We briefly discuss first results obtained with using our Hviz prototype system with synthetic and real-world HTTP traces from a campus network. These results show that Hviz is able to simplify the examination of malicious activities arising from malware traffic or insider threats by structuring and significantly reducing the amount of data presented to an investigator.

F5 Networks, Alfredo Vistola, Senior Security SolutionsAlfredo Vistola has been in the IT industry for 23 years employed by very well-known IT vendors. He joined the F5 Networks – world wide security business unit in 2004 and specializes in web application security, DDoS prevention, identity access management and anti-fraud protection.He has spoken at industry events such as ISACA, Internet security days, e-Crime, OWASP, … and has held the CEH certification since 2005, SANS and a number of vendor specific certifications.

Web fraud – attack examples and how to protect your internet online services against it Malware and Phishing continue to be major concerns for financial, healthcare, defense, energy, and many other organizations. Statistics show that browser-based Trojans and Phishing attacks account for about 70% of web fraud in 2014 alone.

Fraudsters continue to evolve and exploit the weakest link: the end user. Historically, organization have done pretty well in protecting the data centers, implementing multi-factor authentication and protecting applications via server-side controls; however, many have failed to focus on effectively securing the end point where users interact with web applications. This has been difficult because organizations do not have control over those end-user devices.

The presentation covers examples for online services like Man-In-The-Middle, Man-In-The-Browser or other Trojan-based activities such as web injections, form hijackings, page modifications and transaction modifications and upcoming new challenges.

Firmenich SA, Peter Merker, Corporate Information Security Officer
Peter is the Corporate Information Security Officer for Firmenich SA, a multi-national fragrance and flavors company, headquartered in Geneva, Switzerland. He brings 15+ years of experience in the digital security area, having developed and implemented Information Security Programs, Risk Frameworks and Internal Control Systems.

Information Security Policies and Compliance measurement – simplified?Development of Information Security Policies based on ISF Standard of Good Practices Control Framework and progress/compliance measurement through their Online Benchmarking tool.

FS-ISAC, John M. Salomon, Director Continental Europe
John Salomon represents the Financial Services Information Sharing and Analysis Center (FS-ISAC) as Director for continental Europe, Africa, and the Middle East; FS-ISAC is an industry-run not-for-profit community with ca. 5,500 members around the globe, dedicated to furthering the exchange of information security threat intelligence among financial firms and affiliated organizations.

John has 18 years of international information security experience in the areas of network security, crypto & authentication, risk management, and incident response; he previously worked as deputy head of security engineering for UBS, and is a graduate of UC Berkeley and INSEAD.

This presentation will provide a high-level overview of the evolving global cybercrime landscape, and presents the development of threat intelligence sharing in the as an effective countermeasures to increasingly complex attacks.

Information sharing is not without its challenges, particularly in the heavily regulated and technologically fast-moving financial industry; combined with the often fragmented and diverse nature of Europe, this means that cooperation, coordination, and active sharing will continue to grow in importance.

Informatique-MTF SA, Dr. Olaf Riebe, CTO and Head Business Unit ECM
Dr. Olaf Riebe is an outstanding DMS expert with a proven track record. He worked for more then 20 years in the area of «Secure Document und Records Management» and has a strong background in internet communication technologies. He is a member of the IMTF management team being responsible for the «Enterprise Content Management» business unit where he drives partnerships and emerging markets. Working at IMTF since 2008 his ambition is to enhance DMS and workgroup solutions with state-of the-art security technologies to protect any information from unauthorized access and usage. Dr. Olaf Riebe holds a PhD in Computer Science.

Data-centric security – what is new ?Confined and isolated IT environments don’t exist anymore. Organizations are becoming more and more distributed and it is hard – if not impossible – to clearly define IT boundaries. If to this reality we add all the volume and velocity issues that Big Data brings in, we see that infrastructure-based protection mechanisms (DLPs, firewalls, encrypted gateways, …) are not sufficient to protect the enterprise information crown jewels: sensitive information. We are convinced that data-centric information protection is the next logical step organizations should go!

In this session you will learn from Dr. Riebe what data-centric security means from a process and a technical perspective. He will share his experience made when implementing data-centric security solutions. In particular, it will be elaborated how important the identification and life-cycle classification of information is to trigger the suitable protection mechanisms like DLP or RMS functionalities.

InfoSec Global (Switzerland) AG, Dr. Tomislav Nad, System Architect & Cryptographer
Tomislav Nad has 7 years experience in IT Security and applied research. He holds a Master in Mathematics and a PhD in Cryptography from the Graz University of Technology. Until 2013 he conducted research in cryptography resulting in several published papers and articles.In 2013 he switched to the security industry to develop and deploy security systems. Currently, he is System Architect and Cryptographer at InfoSec Global Switzerland, developing and deploying new cryptographic solutions. His main interests are analysis, design and integration of cryptographic systems.

Advances and Trends in Cryptography
Cryptography is the basis of any security system and is usually the strongest link, but can turn to be devastating weak, if used incorrectly. In order to guarantee the security, it is of utmost importance to keep track whether the link is still strong or if new insights have been discovered.

Beside the analysis of existing primitives, research is conducted to find new techniques to improve security or to apply cryptography in new and innovative ways. In this talk we will have a look on the most recent advances in the research and development of cryptography and Show how modern systems are using cryptography to solve security issues today and in the future.

Ionic Security, Allen Vance, Vice President Product Management
Allen has over 25 years of experience in software and systems development, operations, and information security, with organizations in the defense, infosec, telecom and semiconductor industries.
His functional roles have included development, architecture, product management, operations, manufacturing, and strategic alliances/new business development.

At Ionic Security, Allen is responsible for the product roadmap, product delivery, and ensuring that the business stays aligned with market and customer needs.
He has ten years of cyber security experience including product management and strategic alliance roles at SecureWorks (now part of Dell) and Internet Security Systems (now part of IBM).
Allen’s educational background includes Computer Science and MBA degrees from Georgia Tech, the CISSP (Certified Information Systems Security Professional) and CCSK (Certificate of Cloud Security Knowledge) certifications, and a Green Belt in Lean/Six Sigma.
Allen is a member of the US FBI InfraGard program, and an active speaker on information security and risk management issues at industry events including the Information Systems Security Association (ISSA), Open Web Application Security Project (OWASP), and the Cloud Computing Expo. He has been interviewed by industry publications including Network World, ComputerWorld Canada, Computer Dealer News, and MSP Mentor.

Start with the Data
Change in the world of technology is rapid, with increasing demands from the business to deliver value from the innovation available in Cloud, Mobile, Collaboration and Analytics. New business models are transforming the adaptive companies in the digital economy whilst disrupting the path of the also ran’s. All this happening at a time when the balance of risk and probability has seemingly tipped towards a view that breaches and compromises are a matter of when and no longer if. Certainly IT security teams have tried to tackle this problem by layering on defenses and controls that ultimately have proven unsuccessful in stopping data theft.

Do you have to say no to the business when it comes to adopting new enabling technologies?

As your data moves beyond the traditional perimeter and current controls, are you confident that it’s protected, visible and in your control no matter where it is at rest, in use and in motion?

Gaining such confidence requires a new approach to information security to keep the data persistently safe and private while enabling the business – Start with the Data.

Time to Detect / Respond – How to achieve the next evolution level in Cyber Security

Security Metrics & KPIs – clueless reporting?

Cyber Resilience – 5 essential steps

Information Asset Centric Security – what’s critical?

From Threat Modeling to Use Case Engineering – worth to go?

Cyber Threat Intelligence – A market survey

Outsourcing of SOC Services – critical aspects

Managed SIEM – make or buy?

Protegrity, Clyde Williamson, Solutions Architect
Clyde Williamson has been working in the information security field for 18 years. He has worked as both a security consultant and as an Information Security Analyst inside several large enterprise organization. Formerly, he worked with a major enterprise as the lead security architect and implemented Protegrity across their enterprise for PCI compliance. Clyde brings years of real-world Protegrity experience and management to our customers now as a Senior Solutions Architect.

Securing your Data Across the Enterprise
Understanding that tokenization technology simplifies and significantly lowers the cost of PCI compliance is one thing; understanding how else your data security strategy can benefit from the same technology is another. Enterprise-wide tokenization is far less intrusive than encryption, as key management is greatly reduced or eliminated and the data type and length of the original data can be preserved. Tokens can be embedded with business intelligence to eliminate the need to de-tokenize sensitive data for many business processes. Applied across an entire enterprise, including BIG DATA and the Cloud, next generation tokenization enables complete protection and regulatory compliance for not only PCI data but also other sensitive data including PII and PHI.

The purpose of this session is to explain how an enterprise approach to data security allows organizations to protect data wherever it exists from acquisition to deletion to maximize security with minimal impact on day-to-day business operations while regulatory compliance is ensured.

What will attendees learn:

Tokenization as a strategic security approach

Tokenization performance and when not to use tokens

Enterprise tokenization best practices

Use cases in a heterogeneous IT environment

Kudelski Security – Jean-Philippe Aumasson, Principal Cryptographer at Nagravision SA
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security in Cheseaux-sur-Lausanne, VD. Prior to that he received a PhD in cryptography in 2009, supervised by Prof. Willi Meier at FHNW Brugg-Windisch, AG. JP is known for designing the cryptographic functions BLAKE, BLAKE2, SipHash, and NORX.
He has spoken at conferences such as Black Hat and Chaos Communications Congress. Recently, he initiated the Crypto Coding Standard and the Password Hashing Competition projects. He is member of the technical advisory board of the Open Crypto Audit Project. JP tweets as @veorq.

Secure communication technology: past, present, future
Five years ago nobody had heard about WhatsApp. Last year Facebook acquired it for $19 billion. Three years ago WhatsApp was running an insecure protocol. Since a few months it’s deploying state-of-the-art end-to-end encryption stronger than many enterprise solutions and allegedly stronger than military solutions, in terms of protocol design.
The upshot is that secure communication tools are evolving rapidly, and it’s often unclear which solution to choose, for which use case: is it voice/VoIP, messaging, email, or a combination thereof? Can it and should it be integrated in the enterprise unified communications framework? Who can intercept communications? What are the free and open-source solutions available, and what are their limitations?
After a brief review of the evolution of commercial secure communication systems, this talk will answer those questions to help you select the most appropriate systems for your business.

Ping Identity, Hans Zandbelt, Senior Technical ArchitectHans Zandbelt is a Senior Technical Architect in the CTO office of Ping Identity covering the EMEA region. He holds an MSc. degree in Computer Science, Tele-Informatics and Open Systems, at the University of Twente. He has over 20 years of experience as a technical leader in research and innovation projects, including digital identity initiatives.
In 2007 he joined SURFnet as the architect and technical product manager of SURFfederatie, the national infrastructure for federated Single Sign-On for the research- and higher education community in the Netherlands. Since 2011 he joined Ping Identity and works on Single Sign-On, Cloud Identity & Access Management and large scale deployments of federation technologies such as SAML 2.0 and OpenID Connect.

Goodbye passwords. Hello productivity.
The future of identity – has the post-password era begun?
To stay secure in today’s business world, organizations need to adapt to new paradigms towards new concepts for managing identities. In an era of cloud and mobile, next generation identity systems must be federated by default, support mobile and API’s, and provide us with a unified view of identity and access across a highly distributed set of systems.

This session will explore how enterprise businesses can migrate away from traditional network- and password based security to a standards-based modern Identity and Access Management model that spans all of private and public clouds, on-premise and mobile infrastructures. We’ll take a look at the relevant standards and how they allow us to move away from password-based authenticate in to a post-password era that guarantees better security whilst increasing convenience and productivity.

Qualys, Wolfgang Kandek, CTO
As the CTO for Qualys, Wolfgang Kandek is responsible for the innovation aspects of the Qualys Cloud Security platform. Kandek has over 25 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet.
Prior to joining Qualys, he was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company.
Earlier in his career, he held a variety of technical positions at EDS, MCI and IBM. He earned master’s and bachelor’s degrees in Computer Science from the Technical University of Darmstadt, Germany.

Security becomes ContinuousHackers constantly probe perimeters using automated tools to exploit any vulnerabilities. We need to do the same: move from infrequent periodic audits to continuous security. We can start at the perimeter, just as hackers do and learn from each attack.

This presentation explores the techniques used and shows that security has to adapt to the attacks in the wild and be continuous and always uptodate. We will provide best practices for mitigating risks in the same way hackers perpetually attempt to breakthrough.

>

Swisscom AG, Christof Jungo, Head of Security Architecture and Engineering
Christof Jungo is Head of Security Architecture and Engineering at Swisscom and is responsible for the security of the cloud. For over ten years, he brings his expertise in the development and management of security solutions in the provider environment at Swisscom. Previously, he was Chief Technology Officer and member of the management Netix specialist in network and security. Christof Jungo is the author of numerous articles around Cloud Security and a member of the Information Security Forum (ISF).

Collaborative Security ModelCurrent security deployments are composed of prevention, identification and intervention. We assume that our preventative measures have already been circumvented by our attackers and that other systems have been comprised. The challenge is being able to identify and counter attacks as quickly as possible. The collaborative security model is a framework that expands existing monitoring solutions for an open and expandable abstraction layer for security commands. The framework also establishes a standardized communication channel that enables security components to be managed centrally. Security solution providers can expand the collaborative security model with APP. We have already brought a number of providers on-board, such as Intel, Fortinet and Palo Alto Networks.

Rapid7, Wim Remes, Manager of Strategic Security ServicesAs the Manager of Strategic Security Services for Rapid7 in EMEA Wim Remes leverages his 15+ years of security leadership experience to advise clients on reducing their risk posture by solving complex security problems and by building resiliency into their organization. Wim delivers expert guidance on reducing the high cost of IT security failures, both financially and in terms of brand reputation combining his deep expertise in network security, identity management, policy design, risk assessment and penetration testing to develop innovative approaches to enterprise security.
Before joining the Rapid7 team Wim was a Managing Consultant at IOActive and previously he has worked as a Manager of Information Security for Ernst and Young and a Security Consultant for Bull, where he gained valuable experience building security programs for enterprise class clients.

Wim has been engaged in various InfoSec community initiatives such as the co-development of the Penetration Testing Execution Standard (PTES), InfosecMentors, The Eurotrash Security Podcast and organizing the BruCON security conference.
Wim has been a featured speaker at international conferences such as Excaliburcon (China), Blackhat Europe, Source Boston, Source Barcelona, GISEC (Dubai) and SecZone (Colombia). He is a former member and 2014 Chairman of the (ISC)2 Board of Directors

Modelling systems to reduce riskDon’t let your security programme fall behind. In a world where executives are asking more questions about security and high-profile breaches and critical vulnerabilities are reported in prime time, rigid policy frameworks and traditionally slow (but cautious) decision making are no longer sufficient. Security departments in organisations of all sizes and across all industries must ensure that business critical assets are protected, compliance and regulatory requirements are met, and rapidly changing business goals are supported. In this presentation,

Wim will cover the current state of the art for security programmes, how to work with your organisation to ensure that security becomes a business enabler and how to build a future-proof security program within an ever evolving and changing threat landscape.

Tenable Network Security, Colin West, Sales Engineering Director EMEA
Colin West is the EMEA Sales Engineering Director of Tenable Network Security. With over 23 years of IT security experience focused on supporting data and user protection technologies, Colin has worked with organisations around the world on their security programs. He especially enjoys improving the technical interaction experience for his customers.
Prior to joining Tenable, Colin worked with Symantec for over nine years as the Enterprise Senior Manager, running the Systems Engineering team, helping drive the product roadmaps and working closely with customers to maximize their security investments. Before Symantec, Colin was a project leader with system integrator Secure Information Systems, where he implemented emerging security technologies within major government
organisations.

Visualising Insider Activity and Uncovering Insiders ThreatsOrganizations have seen an upturn in security breaches from internal threats and research such as the 2014 Verizon Data Breach Investigations Report points to a continuation of this trend. Employees, contractors, and customer or partner organizations are all examples of points of origination for insider attacks. Also by 2018 we could see over 25% of corporate data traffic bypassing perimeter security and flowing directly from their mobiles devices to the cloud.

Join Colin West, EMEA Sales Engineering Director of Tenable Network Security, in this presentation where he will discuss:

Challenges organizations face due to the future inherent nature of insider threats

How organizations should set up best practices today to deal with this surge in company data access in the next few years

Relevance of setting baselines with current security practices for tomorrows cyber security concerns

TITUS, Tim Upton, Founder and CEO
Tim Upton is Founder and CEO of TITUS, and provides the overall vision for products and services around information protection best practices. Tim has run successful consulting and integration companies focused on IT Security and Infrastructure. He has extensive background as a technology consultant in the security and large infrastructure spaces. Tim has spoken at numerous North American and international events around information protection best practices, including the CSO40 Security Conference, CISO Executive Network Roundtables, NATO NIAS Security Conference, KuppingerCole Identity and Cloud Conference, and Transglobal Secure Collaboration Program (TSCP) panels.

The Increasing Importance of Using Data Identification and Behavioral Analytics to Tackle Insider ThreatsBeing able to accurately identify the sensitivity of corporate documents so that the proper controls can be enforced is a good start in addressing insider threats. Identifying potential insider threats however must go beyond just data identification. By looking at behavioral analytics, ‘normal’ user behavioral patterns can be established, and changes in behavior can serve to help guide corporate security groups to specific users who might be deemed a ‘threat’.

As insiders become more and more sophisticated in their attempts to breach sensitive information, the technology used to thwart their attempts must be able to keep up. Data that is generated through policy execution and enforcement will play an even more critical role in the success of behavioral analytics solutions. Additionally, behavioral analytics can feed into an organizational threat index, which can be an effective way to monitor risky behaviour and suspect employees.

In this session, Tim Upton, Founder and CEO of TITUS, will give you an outlook of the challenges and strategies that organizations will have in order to effectively manage insider threats, starting with protecting the data itself, and making all employees part of the organization’s data security framework.

Trend Micro, Udo Schneider, Security Evangelist DACH
Udo Schneider knows not only the dangers lurking in the Internet but also how to protect oneself from them. Before he started his current position as Security Evangelist DACH at Trend Micro, as a Solution Architect EMEA he engaged in the development of suitable countermeasures against these dangers. In this position he held for several years, he concentrated on topics like cloud-computing, virtualisation encryption as well as network security.

Before that, he also served as Product Marketing Manager and as Channel Development Manager at Trend Micro.Udo looks back on many years of experience he has gained at leading vendors within the IT security market: Amongst others, in his five years’ stay at Check Point Technologies he worked as Systems Engineer, as Senior Consultant, as Security Analyst, and as trainer. At Perimetrix Systems, he was Technical Director.

Modern Datacenters – “Face the challenges with Security”Many Enterprises plan to modernize their datacenters. New Technologies in virtualization offer interesting options. Else the move to the cloud, private or public is discussed. Next to the existing security concepts these new options also create new challenges. Additionally further compliance requirements and regulations are created by certain industries and governments as well. With all this it’s easy to lose the overview.

To help companies avoiding this, the speech discusses the different challenges enterprises face with solutions from e.g. AWS, Azure or SAP and helps preparing the security for the modern datacenter.

Tufin, Mark Wellins, Vice President of SolutionsMark has spent more than two decades focused on customers and their requirements, and puts that knowledge to work as Tufin’s Vice President of Solutions. In this role, Mark is responsible for the matching of business needs with Tufin’s technology to help organizations realize full value from their investment.

Prior to joining Tufin, Mark held leading positions at Check Point Software for nine years, including director of strategic accounts and global sales training. Mark also previously served in key technical roles at IBM Israel and Byford Computer Services in the UK. He holds a degree in Technology and Business Studies from the University of Strathclyde in Scotland.

Microsegmentation vs. legacy concepts – the future of policy orchestration
Companies are faced with challenging times. The traditional legacy networks evolved during the last years to virtualization and cloud concepts accompanied by technical hypes like BYOD, big data and “internet of things”. The opportunities of these developments are high – if the companies can realize the right mix between flexibility and control. Especially the security and compliance officers begin to struggle with these complex and heterogeneous environments – together with “silo-thinking” of the different administrators / business owners of independent physical network, virtualization (SDDC), Cloud and application environments.

How it´s possible to realize a general security policy within these diversified environments without huge personal efforts, bypass individual department managers and manual customization? The vision of Tufin is to help companies Within this challenging times, would be automatization, clear definition of cross-departmental workflows and integration of new concepts like multi-tendency and application oriented views a possible solution?

UBS AG, Stephan Pfirter, Information Security Officer for Group Technology
Stephan Pfirter is the Information Security Officer for Group Technology, the firm-wide IT function of UBS AG. With more than 15 years of experience in Information Security (IS) in various roles, he is (since 2012) responsible for enabling and supporting the adequate protection of information that is owned by Group Technology, and is managing Group Technology’s information security organisation. Functionally reporting to the Group Information Security Officer, he is closely collaborating with his peer Information Security Officers of the divisions and the Corporate Center functions to fulfil his mandate. This mandate comprises IS organisation & governance, IS policy framework, IS strategy, IS awareness, IS control implementation & risk remediation, IS assessment, IS controlling & reporting, as well as IS incident & crisis management.

The CEO gets it, now you have to deliver…Cyber will no longer be a buzzword confined to tech savvy people. Developments in cyberspace and related disasters are already in the news are talked about within the boardroom and reported in some organisations’ annual reports. By 2016, the CEO will understand cyber risk and expect the CISO to manage it, while delivering the value so long promised. The CISO needs to mature the security function to be able to satisfy the CEO’s questions, particularly: “are we ready?” and “are we secure?”. In this talk, Stephan will give you some insights and tips, and shows you possible ways to master this challenge.

University of Innsbruck, Dr. Ulrike Hugl, Associate Professor
Ulrike Hugl is a senior scientist and lecturer at the University of Innsbruck (School of Management), Department of Accounting, Auditing and Taxation. She is member of diverse scientific committees of international conferences as well as reviewer of several journals. Her research mainly focuses on new technologies with impacts on information security and data protection of organizations, as well as on corporate crime and industrial espionage issues.

Humans as security vulnerability! Malicious insider threat as a crucial corporate risk factorCurrent studies show that malicious insider threat is an increasing crucial issue for enterprises. Based on the dependence on ICT, new attack forms, collaboration with third parties and others, malicious insiders can cause enormous harm to an organization.
The talk will focus on the current state of insider threat and on motivational and behavioural aspects of malicious insiders. Furthermore, some starting points for organizational insider threat prevention management will be presented.

Venafi, Kevin Bocek, Vice President, Security Strategy & Threat IntelligenceKevin Bocek is responsible for security strategy and threat intelligence at Venafi. He brings more than 16 years of experience in IT security with leading security and privacy leaders including RSA Security, Thales, PGP Corporation, IronKey, CipherCloud, nCipher, and Xcert. Most recently, Mr. Bocek led Venafi’s investigation in to how Edward Snowden used cryptographic keys and digital certificates to breach the NSA. He is sought after for comment by media such as The Wall Street Journal, USA Today, and The Guardian along with security press including SC Magazine and Network World.

Kevin has successfully deployed authentication and encryption solutions for the world’s most demanding financial institutions, telcos, and government agencies. His early success securing critical systems included designing and engineering cutting-edge Java and smart card–based encryption and PKI applications for the U.S. government.

Kevin has authored several books, including PCI Cardholder Data Protection for Dummies and Laptop Encryption for Dummies and co-authored research projects with The Ponemon Institute including the Cost of Data Breach, Cost of Failed Trust, and Worldwide Encryption Trends reports.

Mr. Bocek has a B.S. in chemistry from the College of William & Mary and an MBA from Wake Forest University.

Securing our future: Lessons from the human immune system
All signs point to a future world of more complex, harder to detect threats. Capabilities of attackers are constantly evolving. For example, Intel predicts the next big hacker marketplace to be in the sale of digital certificates – these are already going for €1000 each on the black market. Bad guys are gaining trusted status and hiding for longer, and their evolution is accelerating. Gartner expects 50% of network attacks to use SSL/TLS in less than 2 years – more attackers looking trusted, hiding in encryption. Our adversaries are exploiting what seems to be our strengths.

What’s to do? The human immune system has evolved to defend and destroy complex and oftentimes overwhelming attacks. What can we learn from it? How can we create a future that’s more resistant as we use more software, more clouds, more apps, and more connected devices. This session will explore lessons from the human immune system, changes in the threatscape, and how our IT security strategies can evolve.

Neil is a member of the ENISA Threat Landscape stakeholder group where he contributes to the EU agency program alongside CERTs to position the threat landscape, offer mitigation advice and threat analysis innovation. Neil is also co-founder of the Security Advisor Alliance, a not-for-profit organisation formed to help security leaders in their role and offer free advice and tools to move towards improved risk and data-centric strategies.

Data protection – own your asset before your adversary
With cyber threat now a top concern for most CEOs, this session will focus on the value of adopting a risk-based, data-centric security strategy that aligns with corporate objectives. The combination will form a compelling case for all organisations to reassess the basic infrastructure and compliance-only security programmes that exist today.
This session will help bring you up to speed on the latest threat intel and cover the tactics and techniques today’s sophisticated adversary uses including:

Build an organisational coalition to define strategy from urgency to absorption

Moderators

Bernd Auer, a graduate economist of the Munich’s Ludwig-Maximilians-University, started his career at Xerox as the Product Business Manager Germany in the Production Printing Systems.
In sales-oriented positions as Director of Business Development & Channel for Europe and EMEA, he was active for Nuance, Vision Solutions and Aladdin / SafeNet (now Gemalto).Since the beginning of 2012, he has been the Regional Director Central Europe for the Information Security Forum ISF, a not-for-profit organisation and the world’s leading authority on information risk management.

Peter Berlich is an experienced and passionate trainer, manager and professional for Information Security.
Building on a foundation of professional, business and inter-cultural leadership skills, he has established, managed and supported security functions, management systems and programs in a large spectrum of organisational contexts, both from a client and service provider perspective. He has published numerous papers, articles and conference contributions on the subject of Information Risk, Security and Privacy as well as Security Careers and worked as a tutor for IT Security Management.

He is a community builder for security professionals, and has been serving as founding Chairman of the Swiss (ISC)² Chapter. He has served as Vice Chairman of the Board of certification organisation (ISC)² and as a Board member and chair of several other professional organisations.

Ronny Fischer has over 15 years of experience in the IT Security and more than 20 years in the IT. During this time he held various positions in network, IT security and hacking.

At present, Ronny Fischer is a Head of BT Security Switzerland in Wallisellen. Previously he served as Senior Security Consultant in BT and before as Security and Network Forensics Consultant for Computer Associates Switzerland and as an IT Security Specialist at Omicron and Comicro Netsys AG.

1solution AG, Erich Vogt, CTO Born and grown up in the pre-ICT, pre-Internet World, Erich had the first contact with Information Security in the early 80ties with IAM, BCM and Information Protection. During the early phase of PDF (Version1.0) and working in the preprint area with a strong attitude to IP-Protection, Document Security/Compliance, he implemented in the early 90ties his first Information Protection solutions. The fascination doing consulting and building customer oriented solutions with a holistic security approach, still drive his motivation every day.

As a member of Symantec’s global Security Response team, Candid Wüest analyses new security threats, formulates mitigation strategies and creates research reports on new emerging security trends – for example, threats to the Internet of Things.

Wüest joined Symantec in 2003. During three years he was working as a Virus Analyst in Symantec’s anti-malware laboratory in Dublin, Ireland, where he spent his time analysing malware and creating signatures. Prior to that, he was a member of the global security analyzing lab of IBM Research in Rüschlikon, Switzerland.

Wüest holds a master of computer science from the Swiss Federal Institute of Technology (ETH) and various certifications. He has published various whitepapers and has been featured as a security expert in various media. He is also a frequent speaker at security-related conferences including Area41, BlackHat and RSA. He learned coding and the English language on a Commodore 64.

[:en]

SIGS Technology Summit Speakers in 2015

The whole agenda you can find here – all presentations are held in English

Key Notes

(ISC)2, Peter Berlich, Authorized Instructor

Dr. Peter Berlich is an experienced and passionate trainer, manager and professional for Information Security.
Building on a foundation of professional, business and inter-cultural leadership skills, he has established, managed and supported security functions, management systems and programs in a large spectrum of organisational contexts, both from a client and service provider perspective. He has published numerous papers, articles and conference contributions on the subject of Information Risk, Security and Privacy as well as Security Careers and worked as a tutor for IT Security Management.

He is a community builder for security professionals, and has been serving as founding Chairman of the Swiss (ISC)² Chapter. He has served as Vice Chairman of the Board of certification organisation (ISC)² and as a Board member and chair of several other professional organisations.

The Great Cyber Race: Information and cyber security preparedness as seen from the front-lines of practice around the World
For over 10 years, the (ISC)² global Information Security Workforce Study has tracked trends in security management, spending and staffing to reveal corporate and society’s preparedness for the digital age. As the largest, and only work of its kind to provide a comprehensive view of opportunities and challenges as seen through the eyes of practicing professionals, the study is increasingly referenced by governments and organizations around the world.

In 2015 the study, available from April, presents a stark view of the combined impact of developing technology trends; and an increasingly sophisticated threat landscape, against a concern first raised in 2013 of a now acute skills crunch. A clear illustration of how digital development and society’s dependencies continue to outstrip the capacity to secure them, this year’s findings point to key management gaps within current practice, very real strains being felt by security teams and their organisations; and the influence all of this is having on security spending. Particular points of interest include:

Developments across management, job roles, and salaries

How organisational systems are changing and related security gaps

The tasks and issues that consume professionals’ time

Top threats and techniques that professionals are facing

Top spending choices for security solutions and training

And more

Presentation in the stream of Information Security Forum (ISF)

A best practice framework for managing information risk
Effective management of information risk has never been as critical as it is today, particularly if organisations are to stay resilient while in pursuit of strategic goals. The role of cyber and information risk management is a board issue and must be given the same level of attention afforded to operational risk management and other established risk management practices today.

The insatiable appetite for speed and agility, the growing importance of the full supply chain (upstream and downstream) and the mounting dependence on diverse technologies (such as cloud computing and Bring Your Own Device (BYOD)) demand a consistent security framework and a scalable Information Security Management System, conformant with established standards.

We are presenting the ISF’s comprehensive best practice framework developed out of 25 years of best practice from a wide range of enterprises, including ISO 27002 compatible security controls, Risk Management and Benchmarking tools with an ‘out of the box’ approach for addressing a wide range of challenges – whether they be strategic, compliance-driven or process approaches.

Cyverse, Shira Kaplan, CEO

Shira’s technological training dates back to her military service in the Israeli 8200 Elite Technology Unit of the Intelligence. In 8200, which became well-known for producing some of Israel’s top cybersecurity entrepreneurs, Shira was young sergeant overseeing two technology desks.

Shira’s professional career in Israel focused on economic research and investor relations. Upon relocating to Zurich in 2011, she served in various private banking functions at Bank Julius Baer & Co.

Upon completing her MBA thesis at the University of St. Gallen HSG in 2014, Shira launched Cyverse, a boutique consultancy based out of Zurich and Herzliya, with the vision of connecting Europe to Israel’s booming cybersecurity ecosystem.

Together with Cyverse’s Chairwoman, Ms. Anat Bar-Gera, a serial telecom entrepreneur, Cyverse has attracted to Switzerland some of Israel’s most advanced cybersecurity technologies, by tapping on Israel’s closed army and intelligence cybersecurity entrepreneurial circles.

Shira holds a B.A. from Harvard University and an MBA from the University of St. Gallen.

Israel: From Start-Up Nation to Cyber-Security Nation

In the last 4 years, Israel has seen the emergence of over 300 startups in the field of cybersecurity alone. This country of 8 million people has attracted in 2013 over 10% of the global funding in cybersecurity. In 2014, exit activity (acquisitions and IPOs) of Israeli cybersecurity startups exceeded CHF 1 billion.

How has the Israeli “startup nation” become a leading cybersecurity nation? Where do Israel’s top cybersecurity entrepreneurs come from? How does Michael Porter’s “Cluster” theory fit into this story? What are the opportunities for Swiss companies in the Israeli cybersecurity ecosystem? Shira’s lecture will touch upon all these points.

ISF, Prof. Dr. Dirk Loomans

The physicist has a broad management experience, i.a. as Head of Information Security at Infineon Technologies AG. In this position, he was responsible for the entire information security management of the international semiconductor manufacturer. As CEO of Loomans & Matz AG he and his team of consultants can look back on many years of experience working for big companies in the banking, telecommunication and media sector, pharmaceutical and chemical industries, for small and medium-sized businesses as well as for German federal authorities. Since 2005 Loomans & Matz AG has been consulting its clients on matters of information security, business continuity and data privacy.

On an international level, Prof. Dr. Loomans is engaged as the ISF agent DACH of the Information Security Forum (ISF), one of the most renowned and largest associations in the area of information security. On a national level, he is professor for business informatics at the University for Applied Sciences in Mainz, Germany and provides his expertise to business associations and members of parliament of the Deutsche Bundestag. In addition to his role as a seminar speaker on information security topics, Prof. Dr. Loomans is active in the “Alliance for Cyber Security” of the BSI (German Federal Office for Information Security). Since 2014 he serves as an authorized expert for the European Commission in order to evaluate project proposals for future IT security technologies.

„Threat Horizon 2017“
The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of trusted organizations. Although cyberspace offers opportunities for leading organizations, this environment is uncertain and potentially dangerous. It is a place where hacktivists and cybercriminals are honing their skills and governments are introducing new regulation and legislation in response to major incidents and public concerns. Organizations are forced to continually adapt and rapidly respond. Those that are informed and prepared for change will go a long way to securing their future.

Threat Horizon 2017 looks ahead two years, identifying and analyzing new or emerging threats that may impact the confidentiality, integrity and availability of information. The report contains recommendations for ISF Members and references to ISF deliverables and resources that can help to address these threats.

This year’s report identifies nine compelling threats that are set out under three thought-provoking themes. These themes engage with particularly difficult cybersecurity challenges in a way that is relevant to senior business managers, information security professionals and other key organizational stakeholders. They are:

Disruption divides and conquers – innovation is bringing new opportunities for business, but also malicious actors that seek to disrupt operations

Complexity conceals fragility – a cyberspace congested with people and devices is becoming more complex, exposing the fragility of the underlying infrastructure

Swisscom AG, Adrian Humbel, Head of Security Solutions
As head of Swisscom Security Solutions, Adrian is responsible for a complete set of managed security services which protect and alert enterprise customers from potential security breaches. In addition, Adrian is focusing with Swisscom Certificate-, Authentication and Signing services on innovative security solutions, which enable radical new ways of digital communication in B-B-C business models.

From 2007 to 2012, Adrian was CEO of SwissSign AG, a company fully owned by Swiss Post. In this role, Adrian was responsible for development, production, marketing, operations, and support of certificate-based identity and IT security solutions, including the SuisseID.
Prior to leading SwissSign AG, he was VP & CTO EMEA for identity and security solutions at Novell Europe for 5 years. Before, he was CEO of Novell Switzerland for five years.

Adrian studied management and IT at the University of St.Gallen and holds an MBA in economics an information technology from this
institution.

Swisscom AG, Roger Halbheer, Head of Group SecurityRoger Halbheer is Head of Group Security at Swisscom. He is responsible for the security strategy of the overall Swisscom Group in close collaboration with the group’s companies. Roger is a trusted advisor to C-level executives in the commercial and private sectors and regularly represents Swisscom at industry events. Until 2013 Roger was Microsoft’s Worldwide Chief Security Advisor.
A Swiss national, Roger holds a Master of Computer Science degree from the Federal Institute of Technology in Zurich and is a Certified Information System Security Professional (CISSP).

Security for Tomorrow – new Approaches for a new WorldThe threat landscape changed significantly over the last years but what happened to our security concepts? Were we brave enough to keep up with the threat landscape? New ideas and new approaches are needed, where the employee, the human is at the center – not security or technology. Swisscom works in different areas on new concepts and new ideas and is working closely with start-ups approaching security differently.

We will show you some concepts we see relevant for the future and how we approach them.

Presentations

AlgoSec, Edy Almer, VP Product Management
Edy Almer is responsible for developing and executing the company’s product strategy. Previously Mr. Almer served as VP of Marketing and Product Management at Wave Systems, an enterprise security software provider, following its acquisition of Safend where he served in the same role.

Prior to Safend, Mr. Almer managed the encryption and endpoint DLP products within the Endpoint Security Group at Symantec. Previously he managed the memory cards product line at M-Systems prior to that company’s acquisition by Sandisk in 2006.Mr. Almer’s operational experience includes the launch of 3G services projects at Orange, Israel’s fastest growing cellular operator, resulting in 100,000 new 3G customers within a year of its launch. As the CTO of Partner Future Comm, Mr. Almer developed the product and company strategy for potential venture capital recipient companies. Mr. Almer has a B. Sc. in Electrical Engineering and an MBA.

Hybrid is Here, Security is Not
Enterprise-sanctioned cloud deployments are fast becoming a reality as companies look to expand their data centers into the cloud in order to increase business agility and reduce costs. Even the most regulated industries are beginning to consider the financial advantages of the cloud. But concerns about security and compliance are slowing them down.

In this presentation Mr. Almer will highlight some of the security challenges organizations face when migrating business applications to the public cloud, and provide some best practices to mitigate them. He will also call out the pros and cons of various security models and infrastructure options to help companies understand their risks and design and deploy an environment that best meets their needs today and in the future.

BalaBit, Laszlo Szabo, Head of Solution StrategyMr. Laszlo Szabo is working for BalaBit as the Head of Solution Strategy. He has 10+ years of experience in managing various IT Security focused projects including security consultancy, auditing, ethical hacking, log-management and forensics.

Dealing with BalaBit technologies since 2009 his goal is lead Solution Services as close to the Security market as possible eliminating the most painful problems of Enterprise customers with efficient solutions based on BalaBit’s best-of-breed portfolio.

Contextual Security IntelligenceIT security departments face a difficult challenge nowadays: the contradictory expectations of business flexibility and information security. But these do not necessarily need to contradict each other. The problem stems ‘only’ from current security practices based on control tools which are adequate against automatic attacks but cannot stop an intelligent, motivated attacker. In other words, the result of higher levels of control is more restrictions on users while letting criminals get on with their work. We can find better answers in real-life security disciplines.

According to experts in these fields, security is nothing more than the knowledge of a situation and the power to intervene. So, IT security should rely more on monitoring to be able to be business-friendly and at the same time provide real security. But more information is needed to add context, this allows intelligent security decision in future.

Bank Julius Bär & Co. Ltd. Michael Meli, Chief Information Security Officer
Michael Meli is a seasoned security expert with a solid and proven track record. As a matter of fact he has over 17 years of experience in the information security, safety and IT audit area in several large companies, including banks.He has significant experience in restructuring and building efficient and effective security organizations. Michael holds a master degree of the University of St. Gallen (HSG) in Information and Technology Management.

New CISO – surviving the first 100 days
Michael will share the experience he made during his first 100 days at Julius Bär where he started to work on January 1st, 2015. Specifically you will learn about how he survived and shaped the first 100 days, which was the storyline he developed in order to onboard senior management, what questions he asked and the waves he rode.

Bern University of Applied Sciences, Dr. Endre Bangerter, Professor of Computer Science
Endre Bangerter is professor of computer science at the Bern University of Applied Sciences, and a lecturer at the Forensic Science Institute of the University of Lausanne.In earlier jobs, Endre has worked as a software developer, technical consultant, and researcher at IBM Global Services, IBM Research, and Accenture. He has a PhD in computer science from in the field of cryptography from the Horst Görtz Institute For II-security at the University of Bochum in Germany.

Endre heads the Security Engineering Lab (SEL, http://sel.bfh.ch) at the Bern University of Applied Sciences. The SEL is a group of researchers and practitioners. Its current research activities are in the field of intrusion forensics (e.g., memory forensics, malware analysis, custom security assessments).

Memory Tracing – Forensic Reverse Engineering
Memory forensics is considered to be a key technique for detecting and analyzing malware and hacking attacks. In this talk we present a novel technique in the field of memory forensics, which allows to automate certain aspects of malware analysis and reverse engineering. Given the sheer number of attacks, their sophistication and the lack of sufficiently many skilled analysis, (partial) automation of malware analsyis is crucial for dealing with attacks.

The core idea underlying our technique is to record memory dumps with a high temporal frequency (e.g., up to 100 memory dumps / second), resulting in a series of memory dumps (which we call a "memory trace") that record system behavior. We will show how memory traces give rise to novel malware analysis and reversing techniques, and illustrate them with practical examples. We will also discuss our memory trace acquisition engine.

The technology presented originates from research conducted at the Security Engineering Lab of the Bern University of Applies Sciences. With support from partners from industry, we are currently evaluating its applicability in industry.

Cisco, Kah-Kin Ho, Program Solution Manager CTD
Kah-Kin Ho has been with Cisco for more than 18 years. Currently he is part of the Global Corporate Technology Group (CTD) which develop among other things the Cisco Technology Radar .Previously as head of cyber security business development, he has been provided thought leadership to private and public sector organizations on how to respond to cyberrisks and threats. Prior to this, he was a solution architect in the Global Government Solutions Group, involved in large defense programs in Asia Pacific and Europe. In addition Ho has spent four years working with defense system Integrators to jointly develop solutions for the tactical battlefield. Kah-Kin has also filed two U.S. patents on IP networking protocols. Ho graduated from the State University of New York at Buffalo with bachelor’s and master’s degrees in electrical engineering. He also has a master’s degree in security policy and crisis management from ETH Zürich.

The Technology Radar – Envisioning the Future of IT Sets the Stage for Disruptive Change
IT has taken on a pervasive role in the world economy, fostering innovation at an incredible pace. Because of this, it is hugely important to predict where the IT industry is heading in the near and long term.
Get insights from Kah-Kin on how the Technology Radar foresees emerging technology transitions, builds visions around them, and shapes the internal and external innovation strategy.

Compass Security Schweiz AG, Ivano Somaini, Regional Manager Bern & Security Analyst
Ivano Somaini was already interested in IT Security during his youth and studied the topic further during his IT studies at ETH Zurich with focus on information security. During his studies he deepened his knowledge in topics such as cryptography protocols, network security and e-privacy. His master thesis deals with the theoretical aspects of security. Ivano modelled and verified the cryptographic protocol Kerberos.

Beside his studies, he worked as developer for AdNovum Informatik AG and afterwards as IT-Supporter for ETH Zurich. Since March 2011 Ivano Somaini is employed as Security Analyst at Compass Security. In 2013 he formed Compass Security’s branch office in Bern and has been leading it ever since.

"Social Engineering: The devil is in the details"
Information security threats to organisations have changed completely over the last decade, due to the complexity and dynamic nature of infrastructures and attacks. Successful attacks cost society billions a year, impacting vital services and the economy. New attacks cleverly exploit multiple organisational vulnerabilities, involving physical security and human behaviour. Defenders need to make rapid decisions regarding which attacks to block, as both infrastructure and attacker knowledge change rapidly.

The speaker, Ivano Somaini from Compass Security, was a member of the amateur acting group at the Cantonal School of Graubünden at Chur. With his Master in Information Security at ETH Zurich, he found the perfect way to combine those interests: Social Engineering.

This presentation will learn you more about the methodologies of a professional Social Engineer as well as the newest attack vectors available. Ivano Somaini will present you several attack scenarios he successfully executed in real companies during his four years of Social Engineering experience. All those scenarios exceeding known approaches such as e-mail phishing by far. He will explain how even the smallest and seemingly least relevant information revealed is enough to break into financial institutions and steal industrial Know-How.

The presentation will furthermore consist of some precise information on how companies can best protect themselves from these attacks based on the experiences and the knowledge of Ivano Somaini.

Corero Network Security, Julian Palmer, Vice President of Engineering
Julian Palmer is responsible for Corero’s worldwide product development and research team. Palmer brings over 25 years of engineering leadership and product development across the network security, storage, and operating systems industries. Palmer has a proven track record of developing product and engineering strategy, and successfully leading multi-site R&D organizations to success.

Prior to joining Corero, Palmer was a Distinguished Technologist and Senior Product Manager within HP Enterprise Security Products and HP Networking divisions. Within HP TippingPoint, Palmer was instrumental in developing both product and engineering strategy, and led various significant new product introduction projects in the next generation firewall, intrusion prevention and networking spaces. Palmer has also held senior roles within 3Com Corporation, Adaptec, and Digital Equipment. Palmer has a Bachelor of Science degree in Computer Science from Edinburgh University, United Kingdom.

The Growing DDoS Threat to your BusinessThis session reviews real world examples of DDoS attacks increasing in frequency and sophistication and the use of DDoS as a distraction for more nefarious data exfiltration purposes, based on findings from the Corero DDoS Trends and Analysis Report.
Join Corero Vice President of Engineering, Julian Palmer to discuss:

The DDoS threats of today and future predictions

How to gain greater visibility and control into traffic entering and leaving your organization

Best practices for implementing DDoS protection into your business continuity planning

ETH Zurich, David Gugelmann, Doctoral Student
David Gugelmann is a doctoral student at ETH Zurich. His main research interests are in network forensics and privacy protection. Gugelmann received an MSc in Electrical Engineering and Information Technology from ETH Zurich.

Finding malicious activity in HTTP(S) traffic with HvizFor most companies, HTTP/HTTPS traffic is probably the most important type of traffic when looking at traffic exchanged with services in the Internet. This includes both benign traffic and traffic caused by malware or malicious insiders. HTTP and HTTPS traffic recorded at the perimeter of an organization is therefore an exhaustive data source for the forensic investigation of security incidents.

However, due to the nested nature of today’s Web page structures – a web page access triggers tens or even hundreds of HTTP requests – it is a huge manual effort to tell apart benign traffic from malicious traffic.

In this talk, we present Hviz, an interactive visualization approach to represent the event timeline of HTTP and HTTPS activities of an endpoint. Hviz facilitates incident investigation by structuring, aggregating, and correlating HTTP events between endpoints in order to reduce the number of events that are exposed to an investigator while preserving the big picture.

We briefly discuss first results obtained with using our Hviz prototype system with synthetic and real-world HTTP traces from a campus network. These results show that Hviz is able to simplify the examination of malicious activities arising from malware traffic or insider threats by structuring and significantly reducing the amount of data presented to an investigator.

F5 Networks, Alfredo Vistola, Senior Security SolutionsAlfredo Vistola has been in the IT industry for 23 years employed by very well-known IT vendors. He joined the F5 Networks – world wide security business unit in 2004 and specializes in web application security, DDoS prevention, identity access management and anti-fraud protection.He has spoken at industry events such as ISACA, Internet security days, e-Crime, OWASP, … and has held the CEH certification since 2005, SANS and a number of vendor specific certifications.

Web fraud – attack examples and how to protect your internet online services against it Malware and Phishing continue to be major concerns for financial, healthcare, defense, energy, and many other organizations. Statistics show that browser-based Trojans and Phishing attacks account for about 70% of web fraud in 2014 alone.

Fraudsters continue to evolve and exploit the weakest link: the end user. Historically, organization have done pretty well in protecting the data centers, implementing multi-factor authentication and protecting applications via server-side controls; however, many have failed to focus on effectively securing the end point where users interact with web applications. This has been difficult because organizations do not have control over those end-user devices.

The presentation covers examples for online services like Man-In-The-Middle, Man-In-The-Browser or other Trojan-based activities such as web injections, form hijackings, page modifications and transaction modifications and upcoming new challenges.

Firmenich SA, Peter Merker, Corporate Information Security Officer
Peter is the Corporate Information Security Officer for Firmenich SA, a multi-national fragrance and flavors company, headquartered in Geneva, Switzerland. He brings 15+ years of experience in the digital security area, having developed and implemented Information Security Programs, Risk Frameworks and Internal Control Systems.

Information Security Policies and Compliance measurement – simplified?Development of Information Security Policies based on ISF Standard of Good Practices Control Framework and progress/compliance measurement through their Online Benchmarking tool.

FS-ISAC, John M. Salomon, Director Continental Europe
John Salomon represents the Financial Services Information Sharing and Analysis Center (FS-ISAC) as Director for continental Europe, Africa, and the Middle East; FS-ISAC is an industry-run not-for-profit community with ca. 5,500 members around the globe, dedicated to furthering the exchange of information security threat intelligence among financial firms and affiliated organizations.

John has 18 years of international information security experience in the areas of network security, crypto & authentication, risk management, and incident response; he previously worked as deputy head of security engineering for UBS, and is a graduate of UC Berkeley and INSEAD.

This presentation will provide a high-level overview of the evolving global cybercrime landscape, and presents the development of threat intelligence sharing in the as an effective countermeasures to increasingly complex attacks.

Information sharing is not without its challenges, particularly in the heavily regulated and technologically fast-moving financial industry; combined with the often fragmented and diverse nature of Europe, this means that cooperation, coordination, and active sharing will continue to grow in importance.

Informatique-MTF SA, Dr. Olaf Riebe, CTO and Head Business Unit ECM
Dr. Olaf Riebe is an outstanding DMS expert with a proven track record. He worked for more then 20 years in the area of «Secure Document und Records Management» and has a strong background in internet communication technologies. He is a member of the IMTF management team being responsible for the «Enterprise Content Management» business unit where he drives partnerships and emerging markets. Working at IMTF since 2008 his ambition is to enhance DMS and workgroup solutions with state-of the-art security technologies to protect any information from unauthorized access and usage. Dr. Olaf Riebe holds a PhD in Computer Science.

Data-centric security – what is new ?Confined and isolated IT environments don’t exist anymore. Organizations are becoming more and more distributed and it is hard – if not impossible – to clearly define IT boundaries. If to this reality we add all the volume and velocity issues that Big Data brings in, we see that infrastructure-based protection mechanisms (DLPs, firewalls, encrypted gateways, …) are not sufficient to protect the enterprise information crown jewels: sensitive information. We are convinced that data-centric information protection is the next logical step organizations should go!

In this session you will learn from Dr. Riebe what data-centric security means from a process and a technical perspective. He will share his experience made when implementing data-centric security solutions. In particular, it will be elaborated how important the identification and life-cycle classification of information is to trigger the suitable protection mechanisms like DLP or RMS functionalities.

InfoSec Global (Switzerland) AG, Dr. Tomislav Nad, System Architect & Cryptographer
Tomislav Nad has 7 years experience in IT Security and applied research. He holds a Master in Mathematics and a PhD in Cryptography from the Graz University of Technology. Until 2013 he conducted research in cryptography resulting in several published papers and articles.In 2013 he switched to the security industry to develop and deploy security systems. Currently, he is System Architect and Cryptographer at InfoSec Global Switzerland, developing and deploying new cryptographic solutions. His main interests are analysis, design and integration of cryptographic systems.

Advances and Trends in Cryptography
Cryptography is the basis of any security system and is usually the strongest link, but can turn to be devastating weak, if used incorrectly. In order to guarantee the security, it is of utmost importance to keep track whether the link is still strong or if new insights have been discovered.

Beside the analysis of existing primitives, research is conducted to find new techniques to improve security or to apply cryptography in new and innovative ways. In this talk we will have a look on the most recent advances in the research and development of cryptography and Show how modern systems are using cryptography to solve security issues today and in the future.

Ionic Security, Allen Vance, Vice President Product Management
Allen has over 25 years of experience in software and systems development, operations, and information security, with organizations in the defense, infosec, telecom and semiconductor industries.
His functional roles have included development, architecture, product management, operations, manufacturing, and strategic alliances/new business development.

At Ionic Security, Allen is responsible for the product roadmap, product delivery, and ensuring that the business stays aligned with market and customer needs.
He has ten years of cyber security experience including product management and strategic alliance roles at SecureWorks (now part of Dell) and Internet Security Systems (now part of IBM).
Allen’s educational background includes Computer Science and MBA degrees from Georgia Tech, the CISSP (Certified Information Systems Security Professional) and CCSK (Certificate of Cloud Security Knowledge) certifications, and a Green Belt in Lean/Six Sigma.
Allen is a member of the US FBI InfraGard program, and an active speaker on information security and risk management issues at industry events including the Information Systems Security Association (ISSA), Open Web Application Security Project (OWASP), and the Cloud Computing Expo. He has been interviewed by industry publications including Network World, ComputerWorld Canada, Computer Dealer News, and MSP Mentor.

Start with the Data
Change in the world of technology is rapid, with increasing demands from the business to deliver value from the innovation available in Cloud, Mobile, Collaboration and Analytics. New business models are transforming the adaptive companies in the digital economy whilst disrupting the path of the also ran’s. All this happening at a time when the balance of risk and probability has seemingly tipped towards a view that breaches and compromises are a matter of when and no longer if. Certainly IT security teams have tried to tackle this problem by layering on defenses and controls that ultimately have proven unsuccessful in stopping data theft.

Do you have to say no to the business when it comes to adopting new enabling technologies?

As your data moves beyond the traditional perimeter and current controls, are you confident that it’s protected, visible and in your control no matter where it is at rest, in use and in motion?

Gaining such confidence requires a new approach to information security to keep the data persistently safe and private while enabling the business – Start with the Data.

Time to Detect / Respond – How to achieve the next evolution level in Cyber Security

Security Metrics & KPIs – clueless reporting?

Cyber Resilience – 5 essential steps

Information Asset Centric Security – what’s critical?

From Threat Modeling to Use Case Engineering – worth to go?

Cyber Threat Intelligence – A market survey

Outsourcing of SOC Services – critical aspects

Managed SIEM – make or buy?

Protegrity, Clyde Williamson, Solutions Architect
Clyde Williamson has been working in the information security field for 18 years. He has worked as both a security consultant and as an Information Security Analyst inside several large enterprise organization. Formerly, he worked with a major enterprise as the lead security architect and implemented Protegrity across their enterprise for PCI compliance. Clyde brings years of real-world Protegrity experience and management to our customers now as a Senior Solutions Architect.

Securing your Data Across the Enterprise
Understanding that tokenization technology simplifies and significantly lowers the cost of PCI compliance is one thing; understanding how else your data security strategy can benefit from the same technology is another. Enterprise-wide tokenization is far less intrusive than encryption, as key management is greatly reduced or eliminated and the data type and length of the original data can be preserved. Tokens can be embedded with business intelligence to eliminate the need to de-tokenize sensitive data for many business processes. Applied across an entire enterprise, including BIG DATA and the Cloud, next generation tokenization enables complete protection and regulatory compliance for not only PCI data but also other sensitive data including PII and PHI.

The purpose of this session is to explain how an enterprise approach to data security allows organizations to protect data wherever it exists from acquisition to deletion to maximize security with minimal impact on day-to-day business operations while regulatory compliance is ensured.

What will attendees learn:

Tokenization as a strategic security approach

Tokenization performance and when not to use tokens

Enterprise tokenization best practices

Use cases in a heterogeneous IT environment

Kudelski Security – Jean-Philippe Aumasson, Principal Cryptographer at Nagravision SA
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security in Cheseaux-sur-Lausanne, VD. Prior to that he received a PhD in cryptography in 2009, supervised by Prof. Willi Meier at FHNW Brugg-Windisch, AG. JP is known for designing the cryptographic functions BLAKE, BLAKE2, SipHash, and NORX.
He has spoken at conferences such as Black Hat and Chaos Communications Congress. Recently, he initiated the Crypto Coding Standard and the Password Hashing Competition projects. He is member of the technical advisory board of the Open Crypto Audit Project. JP tweets as @veorq.

Secure communication technology: past, present, future
Five years ago nobody had heard about WhatsApp. Last year Facebook acquired it for $19 billion. Three years ago WhatsApp was running an insecure protocol. Since a few months it’s deploying state-of-the-art end-to-end encryption stronger than many enterprise solutions and allegedly stronger than military solutions, in terms of protocol design.
The upshot is that secure communication tools are evolving rapidly, and it’s often unclear which solution to choose, for which use case: is it voice/VoIP, messaging, email, or a combination thereof? Can it and should it be integrated in the enterprise unified communications framework? Who can intercept communications? What are the free and open-source solutions available, and what are their limitations?
After a brief review of the evolution of commercial secure communication systems, this talk will answer those questions to help you select the most appropriate systems for your business.

Ping Identity, Hans Zandbelt, Senior Technical ArchitectHans Zandbelt is a Senior Technical Architect in the CTO office of Ping Identity covering the EMEA region. He holds an MSc. degree in Computer Science, Tele-Informatics and Open Systems, at the University of Twente. He has over 20 years of experience as a technical leader in research and innovation projects, including digital identity initiatives.
In 2007 he joined SURFnet as the architect and technical product manager of SURFfederatie, the national infrastructure for federated Single Sign-On for the research- and higher education community in the Netherlands. Since 2011 he joined Ping Identity and works on Single Sign-On, Cloud Identity & Access Management and large scale deployments of federation technologies such as SAML 2.0 and OpenID Connect.

Goodbye passwords. Hello productivity.
The future of identity – has the post-password era begun?
To stay secure in today’s business world, organizations need to adapt to new paradigms towards new concepts for managing identities. In an era of cloud and mobile, next generation identity systems must be federated by default, support mobile and API’s, and provide us with a unified view of identity and access across a highly distributed set of systems.

This session will explore how enterprise businesses can migrate away from traditional network- and password based security to a standards-based modern Identity and Access Management model that spans all of private and public clouds, on-premise and mobile infrastructures. We’ll take a look at the relevant standards and how they allow us to move away from password-based authenticate in to a post-password era that guarantees better security whilst increasing convenience and productivity.

Qualys, Wolfgang Kandek, CTO
As the CTO for Qualys, Wolfgang Kandek is responsible for the innovation aspects of the Qualys Cloud Security platform. Kandek has over 25 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet.
Prior to joining Qualys, he was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company.
Earlier in his career, he held a variety of technical positions at EDS, MCI and IBM. He earned master’s and bachelor’s degrees in Computer Science from the Technical University of Darmstadt, Germany.

Security becomes ContinuousHackers constantly probe perimeters using automated tools to exploit any vulnerabilities. We need to do the same: move from infrequent periodic audits to continuous security. We can start at the perimeter, just as hackers do and learn from each attack.

This presentation explores the techniques used and shows that security has to adapt to the attacks in the wild and be continuous and always uptodate. We will provide best practices for mitigating risks in the same way hackers perpetually attempt to breakthrough.

>

Swisscom AG, Christof Jungo, Head of Security Architecture and Engineering
Christof Jungo is Head of Security Architecture and Engineering at Swisscom and is responsible for the security of the cloud. For over ten years, he brings his expertise in the development and management of security solutions in the provider environment at Swisscom. Previously, he was Chief Technology Officer and member of the management Netix specialist in network and security. Christof Jungo is the author of numerous articles around Cloud Security and a member of the Information Security Forum (ISF).

Collaborative Security ModelCurrent security deployments are composed of prevention, identification and intervention. We assume that our preventative measures have already been circumvented by our attackers and that other systems have been comprised. The challenge is being able to identify and counter attacks as quickly as possible. The collaborative security model is a framework that expands existing monitoring solutions for an open and expandable abstraction layer for security commands. The framework also establishes a standardized communication channel that enables security components to be managed centrally. Security solution providers can expand the collaborative security model with APP. We have already brought a number of providers on-board, such as Intel, Fortinet and Palo Alto Networks.

Rapid7, Wim Remes, Manager of Strategic Security ServicesAs the Manager of Strategic Security Services for Rapid7 in EMEA Wim Remes leverages his 15+ years of security leadership experience to advise clients on reducing their risk posture by solving complex security problems and by building resiliency into their organization. Wim delivers expert guidance on reducing the high cost of IT security failures, both financially and in terms of brand reputation combining his deep expertise in network security, identity management, policy design, risk assessment and penetration testing to develop innovative approaches to enterprise security.
Before joining the Rapid7 team Wim was a Managing Consultant at IOActive and previously he has worked as a Manager of Information Security for Ernst and Young and a Security Consultant for Bull, where he gained valuable experience building security programs for enterprise class clients.

Wim has been engaged in various InfoSec community initiatives such as the co-development of the Penetration Testing Execution Standard (PTES), InfosecMentors, The Eurotrash Security Podcast and organizing the BruCON security conference.
Wim has been a featured speaker at international conferences such as Excaliburcon (China), Blackhat Europe, Source Boston, Source Barcelona, GISEC (Dubai) and SecZone (Colombia). He is a former member and 2014 Chairman of the (ISC)2 Board of Directors

Modelling systems to reduce riskDon’t let your security programme fall behind. In a world where executives are asking more questions about security and high-profile breaches and critical vulnerabilities are reported in prime time, rigid policy frameworks and traditionally slow (but cautious) decision making are no longer sufficient. Security departments in organisations of all sizes and across all industries must ensure that business critical assets are protected, compliance and regulatory requirements are met, and rapidly changing business goals are supported. In this presentation,

Wim will cover the current state of the art for security programmes, how to work with your organisation to ensure that security becomes a business enabler and how to build a future-proof security program within an ever evolving and changing threat landscape.

Tenable Network Security, Colin West, Sales Engineering Director EMEA
Colin West is the EMEA Sales Engineering Director of Tenable Network Security. With over 23 years of IT security experience focused on supporting data and user protection technologies, Colin has worked with organisations around the world on their security programs. He especially enjoys improving the technical interaction experience for his customers.
Prior to joining Tenable, Colin worked with Symantec for over nine years as the Enterprise Senior Manager, running the Systems Engineering team, helping drive the product roadmaps and working closely with customers to maximize their security investments. Before Symantec, Colin was a project leader with system integrator Secure Information Systems, where he implemented emerging security technologies within major government
organisations.

Visualising Insider Activity and Uncovering Insiders ThreatsOrganizations have seen an upturn in security breaches from internal threats and research such as the 2014 Verizon Data Breach Investigations Report points to a continuation of this trend. Employees, contractors, and customer or partner organizations are all examples of points of origination for insider attacks. Also by 2018 we could see over 25% of corporate data traffic bypassing perimeter security and flowing directly from their mobiles devices to the cloud.

Join Colin West, EMEA Sales Engineering Director of Tenable Network Security, in this presentation where he will discuss:

Challenges organizations face due to the future inherent nature of insider threats

How organizations should set up best practices today to deal with this surge in company data access in the next few years

Relevance of setting baselines with current security practices for tomorrows cyber security concerns

TITUS, Tim Upton, Founder and CEO
Tim Upton is Founder and CEO of TITUS, and provides the overall vision for products and services around information protection best practices. Tim has run successful consulting and integration companies focused on IT Security and Infrastructure. He has extensive background as a technology consultant in the security and large infrastructure spaces. Tim has spoken at numerous North American and international events around information protection best practices, including the CSO40 Security Conference, CISO Executive Network Roundtables, NATO NIAS Security Conference, KuppingerCole Identity and Cloud Conference, and Transglobal Secure Collaboration Program (TSCP) panels.

The Increasing Importance of Using Data Identification and Behavioral Analytics to Tackle Insider ThreatsBeing able to accurately identify the sensitivity of corporate documents so that the proper controls can be enforced is a good start in addressing insider threats. Identifying potential insider threats however must go beyond just data identification. By looking at behavioral analytics, ‘normal’ user behavioral patterns can be established, and changes in behavior can serve to help guide corporate security groups to specific users who might be deemed a ‘threat’.
As insiders become more and more sophisticated in their attempts to breach sensitive information, the technology used to thwart their attempts must be able to keep up. Data that is generated through policy execution and enforcement will play an even more critical role in the success of behavioral analytics solutions. Additionally, behavioral analytics can feed into an organizational threat index, which can be an effective way to monitor risky behaviour and suspect employees.
In this session, Tim Upton, Founder and CEO of TITUS, will give you an outlook of the challenges and strategies that organizations will have in order to effectively manage insider threats, starting with protecting the data itself, and making all employees part of the organization’s data security framework.

Trend Micro, Udo Schneider, Security Evangelist DACH
Udo Schneider knows not only the dangers lurking in the Internet but also how to protect oneself from them. Before he started his current position as Security Evangelist DACH at Trend Micro, as a Solution Architect EMEA he engaged in the development of suitable countermeasures against these dangers. In this position he held for several years, he concentrated on topics like cloud-computing, virtualisation encryption as well as network security.

Before that, he also served as Product Marketing Manager and as Channel Development Manager at Trend Micro.Udo looks back on many years of experience he has gained at leading vendors within the IT security market: Amongst others, in his five years’ stay at Check Point Technologies he worked as Systems Engineer, as Senior Consultant, as Security Analyst, and as trainer. At Perimetrix Systems, he was Technical Director.

Modern Datacenters – “Face the challenges with Security”Many Enterprises plan to modernize their datacenters. New Technologies in virtualization offer interesting options. Else the move to the cloud, private or public is discussed. Next to the existing security concepts these new options also create new challenges. Additionally further compliance requirements and regulations are created by certain industries and governments as well. With all this it’s easy to lose the overview.

To help companies avoiding this, the speech discusses the different challenges enterprises face with solutions from e.g. AWS, Azure or SAP and helps preparing the security for the modern datacenter.

Tufin, Mark Wellins, Vice President of SolutionsMark has spent more than two decades focused on customers and their requirements, and puts that knowledge to work as Tufin’s Vice President of Solutions. In this role, Mark is responsible for the matching of business needs with Tufin’s technology to help organizations realize full value from their investment.

Prior to joining Tufin, Mark held leading positions at Check Point Software for nine years, including director of strategic accounts and global sales training. Mark also previously served in key technical roles at IBM Israel and Byford Computer Services in the UK. He holds a degree in Technology and Business Studies from the University of Strathclyde in Scotland.

Microsegmentation vs. legacy concepts – the future of policy orchestration
Companies are faced with challenging times. The traditional legacy networks evolved during the last years to virtualization and cloud concepts accompanied by technical hypes like BYOD, big data and “internet of things”. The opportunities of these developments are high – if the companies can realize the right mix between flexibility and control. Especially the security and compliance officers begin to struggle with these complex and heterogeneous environments – together with “silo-thinking” of the different administrators / business owners of independent physical network, virtualization (SDDC), Cloud and application environments.

How it´s possible to realize a general security policy within these diversified environments without huge personal efforts, bypass individual department managers and manual customization? The vision of Tufin is to help companies Within this challenging times, would be automatization, clear definition of cross-departmental workflows and integration of new concepts like multi-tendency and application oriented views a possible solution?

UBS AG, Stephan Pfirter, Information Security Officer for Group Technology
Stephan Pfirter is the Information Security Officer for Group Technology, the firm-wide IT function of UBS AG. With more than 15 years of experience in Information Security (IS) in various roles, he is (since 2012) responsible for enabling and supporting the adequate protection of information that is owned by Group Technology, and is managing Group Technology’s information security organisation. Functionally reporting to the Group Information Security Officer, he is closely collaborating with his peer Information Security Officers of the divisions and the Corporate Center functions to fulfil his mandate. This mandate comprises IS organisation & governance, IS policy framework, IS strategy, IS awareness, IS control implementation & risk remediation, IS assessment, IS controlling & reporting, as well as IS incident & crisis management.

The CEO gets it, now you have to deliver…Cyber will no longer be a buzzword confined to tech savvy people. Developments in cyberspace and related disasters are already in the news are talked about within the boardroom and reported in some organisations’ annual reports. By 2016, the CEO will understand cyber risk and expect the CISO to manage it, while delivering the value so long promised. The CISO needs to mature the security function to be able to satisfy the CEO’s questions, particularly: “are we ready?” and “are we secure?”. In this talk, Stephan will give you some insights and tips, and shows you possible ways to master this challenge.

University of Innsbruck, Dr. Ulrike Hugl, Associate Professor
Ulrike Hugl is a senior scientist and lecturer at the University of Innsbruck (School of Management), Department of Accounting, Auditing and Taxation. She is member of diverse scientific committees of international conferences as well as reviewer of several journals. Her research mainly focuses on new technologies with impacts on information security and data protection of organizations, as well as on corporate crime and industrial espionage issues.

Humans as security vulnerability! Malicious insider threat as a crucial corporate risk factorCurrent studies show that malicious insider threat is an increasing crucial issue for enterprises. Based on the dependence on ICT, new attack forms, collaboration with third parties and others, malicious insiders can cause enormous harm to an organization.
The talk will focus on the current state of insider threat and on motivational and behavioural aspects of malicious insiders. Furthermore, some starting points for organizational insider threat prevention management will be presented.

Venafi, Kevin Bocek, Vice President, Security Strategy & Threat IntelligenceKevin Bocek is responsible for security strategy and threat intelligence at Venafi. He brings more than 16 years of experience in IT security with leading security and privacy leaders including RSA Security, Thales, PGP Corporation, IronKey, CipherCloud, nCipher, and Xcert. Most recently, Mr. Bocek led Venafi’s investigation in to how Edward Snowden used cryptographic keys and digital certificates to breach the NSA. He is sought after for comment by media such as The Wall Street Journal, USA Today, and The Guardian along with security press including SC Magazine and Network World.

Kevin has successfully deployed authentication and encryption solutions for the world’s most demanding financial institutions, telcos, and government agencies. His early success securing critical systems included designing and engineering cutting-edge Java and smart card–based encryption and PKI applications for the U.S. government.

Kevin has authored several books, including PCI Cardholder Data Protection for Dummies and Laptop Encryption for Dummies and co-authored research projects with The Ponemon Institute including the Cost of Data Breach, Cost of Failed Trust, and Worldwide Encryption Trends reports.

Mr. Bocek has a B.S. in chemistry from the College of William & Mary and an MBA from Wake Forest University.

Securing our future: Lessons from the human immune system
All signs point to a future world of more complex, harder to detect threats. Capabilities of attackers are constantly evolving. For example, Intel predicts the next big hacker marketplace to be in the sale of digital certificates – these are already going for €1000 each on the black market. Bad guys are gaining trusted status and hiding for longer, and their evolution is accelerating. Gartner expects 50% of network attacks to use SSL/TLS in less than 2 years – more attackers looking trusted, hiding in encryption. Our adversaries are exploiting what seems to be our strengths.

What’s to do? The human immune system has evolved to defend and destroy complex and oftentimes overwhelming attacks. What can we learn from it? How can we create a future that’s more resistant as we use more software, more clouds, more apps, and more connected devices. This session will explore lessons from the human immune system, changes in the threatscape, and how our IT security strategies can evolve.

Neil is a member of the ENISA Threat Landscape stakeholder group where he contributes to the EU agency program alongside CERTs to position the threat landscape, offer mitigation advice and threat analysis innovation. Neil is also co-founder of the Security Advisor Alliance, a not-for-profit organisation formed to help security leaders in their role and offer free advice and tools to move towards improved risk and data-centric strategies.

Data protection – own your asset before your adversary
With cyber threat now a top concern for most CEOs, this session will focus on the value of adopting a risk-based, data-centric security strategy that aligns with corporate objectives. The combination will form a compelling case for all organisations to reassess the basic infrastructure and compliance-only security programmes that exist today.
This session will help bring you up to speed on the latest threat intel and cover the tactics and techniques today’s sophisticated adversary uses including:

Build an organisational coalition to define strategy from urgency to absorption

Moderators

Bernd Auer, a graduate economist of the Munich’s Ludwig-Maximilians-University, started his career at Xerox as the Product Business Manager Germany in the Production Printing Systems.
In sales-oriented positions as Director of Business Development & Channel for Europe and EMEA, he was active for Nuance, Vision Solutions and Aladdin / SafeNet (now Gemalto).Since the beginning of 2012, he has been the Regional Director Central Europe for the Information Security Forum ISF, a not-for-profit organisation and the world’s leading authority on information risk management.

Peter Berlich is an experienced and passionate trainer, manager and professional for Information Security.
Building on a foundation of professional, business and inter-cultural leadership skills, he has established, managed and supported security functions, management systems and programs in a large spectrum of organisational contexts, both from a client and service provider perspective. He has published numerous papers, articles and conference contributions on the subject of Information Risk, Security and Privacy as well as Security Careers and worked as a tutor for IT Security Management.

He is a community builder for security professionals, and has been serving as founding Chairman of the Swiss (ISC)² Chapter. He has served as Vice Chairman of the Board of certification organisation (ISC)² and as a Board member and chair of several other professional organisations.

Ronny Fischer has over 15 years of experience in the IT Security and more than 20 years in the IT. During this time he held various positions in network, IT security and hacking.

At present, Ronny Fischer is a Head of BT Security Switzerland in Wallisellen. Previously he served as Senior Security Consultant in BT and before as Security and Network Forensics Consultant for Computer Associates Switzerland and as an IT Security Specialist at Omicron and Comicro Netsys AG.

1solution AG, Erich Vogt, CTO Born and grown up in the pre-ICT, pre-Internet World, Erich had the first contact with Information Security in the early 80ties with IAM, BCM and Information Protection. During the early phase of PDF (Version1.0) and working in the preprint area with a strong attitude to IP-Protection, Document Security/Compliance, he implemented in the early 90ties his first Information Protection solutions. The fascination doing consulting and building customer oriented solutions with a holistic security approach, still drive his motivation every day.

As a member of Symantec’s global Security Response team, Candid Wüest analyses new security threats, formulates mitigation strategies and creates research reports on new emerging security trends – for example, threats to the Internet of Things.

Wüest joined Symantec in 2003. During three years he was working as a Virus Analyst in Symantec’s anti-malware laboratory in Dublin, Ireland, where he spent his time analysing malware and creating signatures. Prior to that, he was a member of the global security analyzing lab of IBM Research in Rüschlikon, Switzerland.

Wüest holds a master of computer science from the Swiss Federal Institute of Technology (ETH) and various certifications. He has published various whitepapers and has been featured as a security expert in various media. He is also a frequent speaker at security-related conferences including Area41, BlackHat and RSA. He learned coding and the English language on a Commodore 64.